Some of the posted images are said to be real, some fake, but the main issue is the source of these images: the iCloud accounts of the Hollywood celebrities — at least according to the hacker who originally posted them on the Web.

According to security experts contacted by Re/code, the hacking and theft of the nude images might have been prevented if those affected had enabled two-factor authentication on their accounts.

Apple, however, has been silent on how these attacks were carried out, but if we are to believe an earlier report from today, the Find My iPhone API has a vulnerability that was highlighted just several days ago.

There are too many coincidences, including the iBrute software posted on GitHub that allows hackers to automate brute-force attacks against iCloud accounts, and since Apple allows an unlimited number of password guesses, there was plenty of time for the software to guess the passwords. Apple has fixed that aspect of the vulnerability since then.

The fact is, Apple is a bit late in the game of two-step verification, and it doesn’t advertise it properly, Mandiant security researcher Darien Kindlund points out. The two-step verification system adds another layer of security for Apple accounts, as it requires both a security code and a trusted device to log the user into his/her account.